Compare commits
7 Commits
2f2423106e
...
008f84c180
| Author | SHA1 | Date | |
|---|---|---|---|
| 008f84c180 | |||
| 4d8a9702a6 | |||
| 919ffa1eb8 | |||
| 5163388bb8 | |||
| 7ade412259 | |||
| 0ea8077ff7 | |||
| 4061790e69 |
23
.gitea/workflows/deployProd.yml
Normal file
23
.gitea/workflows/deployProd.yml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
name: Deploy
|
||||||
|
run-name: ${{ gitea.actor }} build image and push to container registry
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'main'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
CreateImage:
|
||||||
|
runs-on: [hubstaging]
|
||||||
|
uses: http://gitea.pena/PenaDevops/actions.git/.gitea/workflows/build-image.yml@v1.1.6-p
|
||||||
|
with:
|
||||||
|
runner: hubstaging
|
||||||
|
secrets:
|
||||||
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
||||||
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||||
|
DeployService:
|
||||||
|
runs-on: [hubprod]
|
||||||
|
needs: CreateImage
|
||||||
|
uses: http://gitea.pena/PenaDevops/actions.git/.gitea/workflows/deploy.yml@v1.1.4-p7
|
||||||
|
with:
|
||||||
|
runner: hubprod
|
||||||
@ -4,7 +4,6 @@ run-name: ${{ gitea.actor }} build image and push to container registry
|
|||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- 'main'
|
|
||||||
- 'staging'
|
- 'staging'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
@ -1,44 +1,36 @@
|
|||||||
version: '3.3'
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
codeword:
|
codeword:
|
||||||
hostname: codeword
|
image: gitea.pena/penaside/codeword/main:$GITHUB_RUN_NUMBER
|
||||||
container_name: codeword
|
|
||||||
image: $CI_REGISTRY_IMAGE/main:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID
|
|
||||||
tty: true
|
tty: true
|
||||||
environment:
|
environment:
|
||||||
APP_NAME: 'codeword'
|
APP_NAME: 'codeword'
|
||||||
HTTP_HOST: '0.0.0.0'
|
CLIENT_HTTP_URL: '0.0.0.0:3000'
|
||||||
HTTP_PORT: '3000'
|
ADMIN_HTTP_URL: '0.0.0.0:3001'
|
||||||
MONGO_HOST: '10.8.0.8'
|
GRPC_URL: '0.0.0.0:9000'
|
||||||
MONGO_PORT: '27017'
|
MONGO_URL: mongodb://auth-service-user-prod:LFYFpTvqtxSzXDJV@10.8.0.226:27017/?authSource=auth
|
||||||
MONGO_USER: 'auth-service-user-prod'
|
MONGO_DB_NAME: auth
|
||||||
MONGO_PASSWORD: 'LFYFpTvqtxSzXDJV'
|
ENCRYPT_PUBLIC_KEY: "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAEbnIvjIMle4rqVol6K2XUqOxHy1KJoNoZdKJrRUPKL4=\n-----END PUBLIC KEY-----"
|
||||||
MONGO_DB: 'auth'
|
ENCRYPT_PRIVATE_KEY: "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIKn0BKwF3vZvODgWAnUIwQhd8de5oZhY48gc23EWfrfs\n-----END PRIVATE KEY-----"
|
||||||
MONGO_AUTH: 'auth'
|
ENCRYPT_SIGN_SECRET: 'pena-auth-microservice-group'
|
||||||
PUBLIC_CURVE_KEY: "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAEbnIvjIMle4rqVol6K2XUqOxHy1KJoNoZdKJrRUPKL4=\n-----END PUBLIC KEY-----"
|
REDIS_HOST: '10.8.0.226:6379'
|
||||||
PRIVATE_CURVE_KEY: "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIKn0BKwF3vZvODgWAnUIwQhd8de5oZhY48gc23EWfrfs\n-----END PRIVATE KEY-----"
|
REDIS_PASSWORD: 'Redalert2'
|
||||||
SIGN_SECRET: 'pena-auth-microservice-group'
|
|
||||||
REDIS_ADDR: '10.8.0.9:6379'
|
|
||||||
REDIS_PASS: 'Redalert2'
|
|
||||||
REDIS_DB: 3
|
REDIS_DB: 3
|
||||||
SMTP_API_URL: 'https://api.smtp.bz/v1/smtp/send'
|
API_URL: 'https://api.smtp.bz/v1/smtp/send'
|
||||||
SMTP_HOST: 'connect.smtp.bz'
|
MAIL_API_KEY: '8tv2xcsfCMBX3TCQxzgeeEwAEYyQrPUp0ggw'
|
||||||
SMTP_PORT: '587'
|
MAIL_SENDER: 'recovery@noreply.pena.digital'
|
||||||
SMTP_UNAME: 'team@pena.digital'
|
|
||||||
SMTP_PASS: 'AyMfwqA9LkQH'
|
|
||||||
SMTP_API_KEY: '8tv2xcsfCMBX3TCQxzgeeEwAEYyQrPUp0ggw'
|
|
||||||
SMTP_SENDER: 'recovery@noreply.pena.digital'
|
|
||||||
DEFAULT_REDIRECTION_URL: 'https://hub.pena.digital/'
|
DEFAULT_REDIRECTION_URL: 'https://hub.pena.digital/'
|
||||||
AUTH_EXCHANGE_URL: 'http://10.8.0.8:59300/auth/exchange'
|
AUTH_EXCHANGE_URL: 'http://10.8.0.226:59300/auth/exchange'
|
||||||
RECOVER_URL: 'https://hub.pena.digital/codeword/recover/'
|
MAIL_RECOVERY_URL: 'https://hub.pena.digital/codeword/v1.0.0/recover/'
|
||||||
JWT_AUDIENCE: 'pena'
|
JWT_AUDIENCE: 'pena'
|
||||||
JWT_ISSUER: 'pena-auth-service'
|
JWT_ISSUER: 'pena-auth-service'
|
||||||
JWT_PUBLIC_KEY: $JWT_PUBLIC_KEY
|
JWT_PUBLIC_KEY: "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLW1tlHyKC9AG0hGpmkksET2DE\nr7ojSPemxFWAgFgcPJWQ7x3uNbsdJ3bIZFoA/FClaWKMCZmjnH9tv0bKZtY/CDhM\nZEyHpMruRSn6IKrxjtQZWy4uv/w6MzUeyBYG0OvNCiYpdvz5SkAGAUHD5ZNFqn2w\nKKFD0I2Dr59BFVSGJwIDAQAB\n-----END PUBLIC KEY-----"
|
||||||
DISCOUNT_ADDRESS: "10.8.0.8:9001"
|
DISCOUNT_MICROSERVICE_GRPC_URL: "10.8.0.226:9001"
|
||||||
KAFKA_BROKERS: "10.8.0.8:9092"
|
KAFKA_BROKERS: "10.8.0.226:9092"
|
||||||
KAFKA_TOPIC_TARIFF: "tariffs"
|
KAFKA_TOPIC_TARIFF: "tariffs"
|
||||||
|
GRPC_HOST: "0.0.0.0"
|
||||||
|
TRASH_LOG_HOST: "10.8.0.200:7123"
|
||||||
|
AUTH_MICROSERVICE_URL: http://10.8.0.226:59300
|
||||||
ports:
|
ports:
|
||||||
- 10.8.0.8:59664:3000
|
- 10.8.0.226:19100:3000
|
||||||
networks:
|
- 10.8.0.226:29100:3001
|
||||||
- default
|
- 10.8.0.226:39100:9000
|
||||||
|
|||||||
@ -1,5 +1,3 @@
|
|||||||
version: '3.3'
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
codewordv1.0.0:
|
codewordv1.0.0:
|
||||||
image: gitea.pena:3000/penaside/codeword/staging:$GITHUB_RUN_NUMBER
|
image: gitea.pena:3000/penaside/codeword/staging:$GITHUB_RUN_NUMBER
|
||||||
@ -20,17 +18,17 @@ services:
|
|||||||
MAIL_API_KEY: 'P0YsjUB137upXrr1NiJefHmXVKW1hmBWlpev'
|
MAIL_API_KEY: 'P0YsjUB137upXrr1NiJefHmXVKW1hmBWlpev'
|
||||||
MAIL_SENDER: 'noreply@mailing.pena.digital'
|
MAIL_SENDER: 'noreply@mailing.pena.digital'
|
||||||
DEFAULT_REDIRECTION_URL: 'https://shub.pena.digital/'
|
DEFAULT_REDIRECTION_URL: 'https://shub.pena.digital/'
|
||||||
AUTH_EXCHANGE_URL: 'http://10.7.0.4:59300/auth/exchange'
|
AUTH_EXCHANGE_URL: 'http://10.7.0.6:59300/auth/exchange'
|
||||||
MAIL_RECOVERY_URL: 'https://shub.pena.digital/codeword/v1.0.0/recover/'
|
MAIL_RECOVERY_URL: 'https://shub.pena.digital/codeword/v1.0.0/recover/'
|
||||||
JWT_AUDIENCE: 'pena'
|
JWT_AUDIENCE: 'pena'
|
||||||
JWT_ISSUER: 'pena-auth-service'
|
JWT_ISSUER: 'pena-auth-service'
|
||||||
JWT_PUBLIC_KEY: $JWT_PUBLIC_KEY
|
JWT_PUBLIC_KEY: "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLW1tlHyKC9AG0hGpmkksET2DE\nr7ojSPemxFWAgFgcPJWQ7x3uNbsdJ3bIZFoA/FClaWKMCZmjnH9tv0bKZtY/CDhM\nZEyHpMruRSn6IKrxjtQZWy4uv/w6MzUeyBYG0OvNCiYpdvz5SkAGAUHD5ZNFqn2w\nKKFD0I2Dr59BFVSGJwIDAQAB\n-----END PUBLIC KEY-----"
|
||||||
KAFKA_BROKERS: "10.7.0.6:9092"
|
KAFKA_BROKERS: "10.7.0.6:9092"
|
||||||
KAFKA_TOPIC_TARIFF: "tariffs"
|
KAFKA_TOPIC_TARIFF: "tariffs"
|
||||||
DISCOUNT_MICROSERVICE_GRPC_URL: hubstaging.pena:9001
|
DISCOUNT_MICROSERVICE_GRPC_URL: hubstaging.pena:9001
|
||||||
GRPC_HOST: "0.0.0.0"
|
GRPC_HOST: "0.0.0.0"
|
||||||
TRASH_LOG_HOST: "10.7.0.5:7113"
|
TRASH_LOG_HOST: "10.7.0.5:7113"
|
||||||
AUTH_MICROSERVICE_URL: http://10.7.0.4:59300
|
AUTH_MICROSERVICE_URL: http://10.7.0.6:59300
|
||||||
ports:
|
ports:
|
||||||
- 10.7.0.6:19100:3000
|
- 10.7.0.6:19100:3000
|
||||||
- 10.7.0.6:29100:3001
|
- 10.7.0.6:29100:3001
|
||||||
|
|||||||
@ -41,7 +41,7 @@ func (r *RecoveryEmailSender) SendRecoveryEmail(email string, signature string)
|
|||||||
|
|
||||||
message := fmt.Sprintf(`Здравствуйте, ваша <a href="%s">ссылка для восстановление пароля</a>(доступна всего 15 минут)
|
message := fmt.Sprintf(`Здравствуйте, ваша <a href="%s">ссылка для восстановление пароля</a>(доступна всего 15 минут)
|
||||||
|
|
||||||
Если это были не вы, напишите пожалуйста в техническую поддержку.`, r.recoveryUrl+signature)
|
Если это были не вы, напишите пожалуйста в техническую поддержку.`, signature)
|
||||||
|
|
||||||
form := new(bytes.Buffer)
|
form := new(bytes.Buffer)
|
||||||
writer := multipart.NewWriter(form)
|
writer := multipart.NewWriter(form)
|
||||||
|
|||||||
@ -60,7 +60,7 @@ func (p *PromoCodeController) Activate(c *fiber.Ctx) error {
|
|||||||
case errors.Is(err, repository.ErrPromoCodeExpired):
|
case errors.Is(err, repository.ErrPromoCodeExpired):
|
||||||
hlogger.Emit(models.InfoPromocodeDeadlined{
|
hlogger.Emit(models.InfoPromocodeDeadlined{
|
||||||
|
|
||||||
CtxID: promocode.ID.String(),
|
CtxID: req.Codeword,
|
||||||
})
|
})
|
||||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": err.Error()})
|
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": err.Error()})
|
||||||
case errors.Is(err, repository.ErrPromoCodeExhausted):
|
case errors.Is(err, repository.ErrPromoCodeExhausted):
|
||||||
|
|||||||
@ -10,6 +10,7 @@ import (
|
|||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
"gitea.pena/PenaSide/common/log_mw"
|
"gitea.pena/PenaSide/common/log_mw"
|
||||||
"time"
|
"time"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Deps struct {
|
type Deps struct {
|
||||||
@ -47,7 +48,7 @@ func (r *RecoveryController) HandleRecoveryRequest(c *fiber.Ctx) error {
|
|||||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "email is required"})
|
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "email is required"})
|
||||||
}
|
}
|
||||||
|
|
||||||
referralURL := c.Get("Referrer")
|
referralURL := c.Get("Referer")
|
||||||
|
|
||||||
if req.RedirectionURL == "" && referralURL != "" {
|
if req.RedirectionURL == "" && referralURL != "" {
|
||||||
req.RedirectionURL = referralURL
|
req.RedirectionURL = referralURL
|
||||||
@ -67,7 +68,7 @@ func (r *RecoveryController) HandleRecoveryRequest(c *fiber.Ctx) error {
|
|||||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Internal Server Error"})
|
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Internal Server Error"})
|
||||||
}
|
}
|
||||||
|
|
||||||
signUrl := req.RedirectionURL
|
signUrl := referralURL +"/codeword/v1.0.0/recover"
|
||||||
sign := base64.URLEncoding.EncodeToString(key)
|
sign := base64.URLEncoding.EncodeToString(key)
|
||||||
|
|
||||||
id, err := r.service.StoreRecoveryRecord(c.Context(), models.StoreRecDeps{
|
id, err := r.service.StoreRecoveryRecord(c.Context(), models.StoreRecDeps{
|
||||||
@ -83,7 +84,12 @@ func (r *RecoveryController) HandleRecoveryRequest(c *fiber.Ctx) error {
|
|||||||
|
|
||||||
signWithID := sign + id // подпись с id записи
|
signWithID := sign + id // подпись с id записи
|
||||||
|
|
||||||
err = r.service.RecoveryEmailTask(c.Context(), models.RecEmailDeps{UserID: user.ID.Hex(), Email: req.Email, SignWithID: signWithID, ID: id})
|
err = r.service.RecoveryEmailTask(c.Context(), models.RecEmailDeps{
|
||||||
|
UserID: user.ID.Hex(),
|
||||||
|
Email: req.Email,
|
||||||
|
SignWithID: strings.Replace(signUrl, "/changepwd","",1) + "/"+signWithID,
|
||||||
|
ID: id,
|
||||||
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.logger.Error("Failed to send recovery email", zap.Error(err))
|
r.logger.Error("Failed to send recovery email", zap.Error(err))
|
||||||
|
|
||||||
@ -111,7 +117,7 @@ func (r *RecoveryController) HandleRecoveryLink(c *fiber.Ctx) error {
|
|||||||
record, err := r.service.GetRecoveryRecord(c.Context(), sign)
|
record, err := r.service.GetRecoveryRecord(c.Context(), sign)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.logger.Error("Recovery link expired", zap.String("signature", sign))
|
r.logger.Error("Recovery link expired", zap.String("signature", sign))
|
||||||
return c.Redirect("https://shub.pena.digital/recover/expired")
|
return c.Redirect("https://hub.pena.digital/recover/expired")
|
||||||
}
|
}
|
||||||
|
|
||||||
if time.Since(record.CreatedAt) > 15*time.Minute {
|
if time.Since(record.CreatedAt) > 15*time.Minute {
|
||||||
@ -147,5 +153,5 @@ func (r *RecoveryController) HandleRecoveryLink(c *fiber.Ctx) error {
|
|||||||
CtxUserID: record.UserID,
|
CtxUserID: record.UserID,
|
||||||
})
|
})
|
||||||
|
|
||||||
return c.Redirect(record.SignUrl + "?auth=" + tokens["accessToken"])
|
return c.Redirect("https://" + strings.Replace(record.SignUrl,"/codeword/v1.0.0/recover","/changepwd",1) + "?auth=" + tokens["accessToken"])
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user